Stephen Farrell has entered the following ballot position for
draft-ietf-cose-msg-20: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-cose-msg/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


Thanks for the updates in -20. I think we've only the following points
left. Note that all of those are questions to the WG chairs and not to
Jim.

   (2) 3.1, alg: so you're disallowing a setup where the kid
   alone identifies the key and algorithm to the recipient?
   That is used in some IETF protocols (OSPF iirc) so rhat's a
   pity, and will in those (maybe less common) cases consume a
   few bytes that could otherwise be saved.  I think, but am not
   sure, that the WG already discussed this, but if not, maybe
   worth a thought? (Or even a 2nd thought:-) And appendix A.1
   is really puzzling - as it provides instructions for how to
   not follow a MUST in the body of the document.

I think we left the mail thread on this with you saying "Best
to ask the chairs if they agree that this is WG consensus," as
you're an admitteddly strong partisan on this topic. 

So, COSE chairs - what's your take? (If you say this is ok with
the WG, I'll clear.)

   (6) section 10: why MUST the kty values be present always?
   That seems unnecessary in some contexts and I don't get a
   security reason why it's needed e.g. if there's an alg id
   somewhere - can you explain? I can see folks omitting this
   leading to interop problems for not useful reasons. (Same
   comment applies in other cases where kty is a MUST, e.g.
   12.1.2, 12.2.1.)

I think this is the similar to discuss point (2) above.

So again, COSE chairs, can you confirm that this design
does reflect WG consensus and isn't just a thorough and
good editor getting his way? (If you say this is ok with
the WG, I'll clear.)




_______________________________________________
COSE mailing list
COSE@ietf.org
https://www.ietf.org/mailman/listinfo/cose

Reply via email to